Channel: Security forum

How to stop certreq from prompting a dialog box to press OK or CANCEL?


I have an issue guys and I hope someone has a simple answer.

After all of my destruction of installing, configuring and deploying PKI, I have finally narrowed it down to one issue I’m having.

When I run the following command line, CertReq -new -f %certpath%\%input%.inf %certpath%\%input%.req, a popup box appears with the option to press OK or Cancel. If I press OK, my *.req file is created. If I try to use the -q, I receive an error:

ConfigMgrWorkgroupClientCertificate
: The system cannot find the file specified. 0x80070002 (WIN32: 2)

The –q is shown on technet http://technet.microsoft.com/library/cc725793.aspx

I also use CERTREQ in this command and I receive the same response: press OK or Cancel.

certreq -submit -f -Username abc\testuser1 -p P@ssw0rd -PolicyServer "https://lnyceppkis01.abc.com/KeyBasedRenewal_ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" -config "https://lnycespkis01.abc.com/IssuingCA-LNYSUBCAPKIS01_CES_UsernamePassword/service.svc/CES" -attrib "ConfigMgrWorkgroupClientCertificate" %certpath%\%input%.req %certpath%\%input%.cer

Rem Change ConfigurationManagerClientTemplate below to the name of the Certificate Template you create HERE. Remember use the Cert Name NOT the Display Name
echo ;-----ConfigMgrWorkgroupClientCertificate.inf----->"%certpath%\%input%.inf"
echo [NewRequest]                                    >>"%certpath%\%input%.inf"
echo Subject="cn=%input%"                            >>"%certpath%\%input%.inf"
echo KeyLength=2048                                  >>"%certpath%\%input%.inf"
echo Exportable=TRUE                                 >>"%certpath%\%input%.inf"
echo MachineKeySet=TRUE                              >>"%certpath%\%input%.inf"
echo KeySpec=1 ;key exchange                         >>"%certpath%\%input%.inf"
echo KeyUsage=0xA0                                   >>"%certpath%\%input%.inf"
echo [RequestAttributes]                             >>"%certpath%\%input%.inf"
echo CertificateTemplate=ConfigMgrWorkgroupClientCertificate>>"%certpath%\%input%.inf"
Rem Create a binary request file from the INF
echo Generating certificate request for server %input%
CertReq -new -f %certpath%\%input%.inf %certpath%\%input%.req





tracking remote logins


Hi,

Is there any script or software available to track remote login users and which machine they are logging in from? Example: if a user is logging into a remote computer through remote console or any other way, I want to know that user name and from which machine they logged into the remote computer. Instead of depending on Event Viewer, I am trying to find a script or software to track this.

Certificate issued by local certificate authority (CA) is not trusted


I created a CSR for one of our Windows 2012 servers (let's call it SERVER01), got it issued by the local certification authority and then imported it on the Windows 2012 server (SERVER01).

It is a computer account certificate which is successfully installed in personal>certificates under certificates (local computer).

Now when I am trying to open https://SERVER01:443 from any domain server, I get a certificate error in Internet Explorer. The bar is RED and at the very right it shows certificate error. When I click on the certificate error, it pops up a window which reads "mismatched address". Why am I getting this error message?

I have verified the authenticity of the certificate and can confirm that it is valid and being used to ensure the identity of the remote computer, SERVER01. Please help. All the servers are on the same domain.



Replacing SHA-1 certificate with SHA-2


We have a certificate that needs to be replaced. It is currently SHA-1, and we wish to replace it with SHA-2. We created a new certificate request and have received the replacement. The Root certificate remains the same; we now have two intermediates, instead of the one for SHA-1; and we have a new certificate with the same CN. Server is running Windows Server 2008 R2 and IIS 7.5.

  1. Should I remove the existing intermediate and server certificates before adding the new ones?
  2. Can the two intermediate certs be imported in a single file, or do I need to import them individually?

Thanks,

  John

Windows 2012 R2 - Cannot connect to TLS secured site with cipher TLS_RSA_WITH_RC4_128_SHA


I have a script running on a Windows 2012 R2 server (fully up to date) that is trying to connect to a webserver using HTTPS.  The cipher suites offered by the certificate on the server are:

  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_RC4_128_MD5

As far as I can tell these are supported on Windows 2012 R2 but yet the connection fails with:

-2147012739 (80072F7D) An error occurred in the secure channel support 

... and logs the following in the Event Log:

Log Name:      System
Source:        Schannel
Date:          13/11/2014 15:56:52
Event ID:      36887
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      Serial1
Description:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

I have used Wireshark to review the cipher suites being offered as part of the TLSv1.1 Client hello and it seems neither of the two supported by the certificate are included:

cipher suites (19 suites)
cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (Ox003c)
cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA (Ox002f )
cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (Ox003d)
cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA (Ox0035)
cipher suite: TLS_RSA_WITH_3DES_EOE_CBC_SHA (OxOOOa)
cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (Oxc027)
cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (Oxc013)
cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (Oxc014)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (Oxc02b)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (Oxc023)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (Oxc02c)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (Oxc024)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (Oxc009)
cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (OxcOOa)
cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (Ox0040)
cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (Ox0032)
cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (Ox006a)
cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (Ox0038)
cipher suite: TLS_DHE_DSS_WITH_3DES_EOE_CBC_SHA (Ox0013)


Why?

After some research I have read about using Group Policy Editor to enable the "SSL Cipher Suite Order" (under Administrative Tools\Network\SSL Configuration), which does include both the above cipher suites.  Needless to say this does not fix the problem and the above list was produced after having made that change.

I have read the KB article that refers to KB 931125.  I have two servers on opposite sides of the World exhibiting this problem, both recently installed.

I have used IIS Crypto to examine the configuration it shows (not sure if this is client or server config, in my scenario connecting out, the app is a client), and everything appears to be in order.

I am stuck as to where to go next. Can anyone help?

Microsoft Windows Unquoted Service Path Enumeration.


I seek your advice on a security issue and how to mitigate this high risk vulnerability.

Microsoft Windows Unquoted Service Path Enumeration

Synopsis

The remote Windows host has at least one service installed that uses an unquoted service path.

Description

The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014


I have a server 2008 R2, with NO Service Pack 1 installed.

Will this https://support.microsoft.com/kb/2992611 patch still be applicable for me to install? It says not.

But is the system vulnerable? And do I have to install Service Pack 1 to NOT be vulnerable anymore?

Renewal of Sub CA Certificate


Hi All,

I am renewing the Sub CA certificate of one of my issuing CAs this weekend. I will not be revoking the existing cert and I will not be generating new keys.

Do I have to publish new root CRLs after the above work? I don't think I need to but I would like some confirmation.

Thanks in advance


MS14-066 and Windows Server 2008 R2

Is Windows Server 2008 R2 without SP1 vulnerable to MS14-066 (Schannel vulnerability)?  Also, is Service Pack 1 a prerequisite for applying the patch?

Updates

I have tried everything to update my computer with Windows updates; nothing works. They update to 4% and that's it. How can I get my updates to update? Also, it takes my computer about two hours to shut down, and when I start it back up it only configures 35% and goes on to boot up. I have gone into the Windows updates and tried everything.

How to revoke machine certificates quickly?


We are planning to start using device certificates for the first time for the following purposes:

Exchange ActiveSync certificate based authentication.

Wireless authentication for laptops that are not members of our domain.

System Center Configuration Manager Internet based clients to authenticate  from the Internet through a reverse proxy to receive Windows and software updates.

Allow Chromebooks to authenticate to Cisco ASA L2TP with IPSEC VPN with device certificate instead of PSK.

If any of the devices or certificates get stolen, we would need to revoke the certificates so the devices can no longer authenticate.

I have already seen links that give steps on how to revoke the certificate on the issuing CA server, but how do you make this change happen right away?  If we go through the steps to revoke the certificate, how can we make sure the devices that are providing the certificate authentication (RADIUS server for wireless and for VPN, reverse proxy, SCCM, Exchange etc.) know the certificate is revoked and immediately stop allowing connections?

 



parsing OCSP logs


Hello,

I am using the following script to parse OCSP logs (ADCS), and the results are fine.

But I am not satisfied with the speed of parsing. Can anyone help me make it quicker, or suggest an alternative way?

on Error resume Next
Set objFS = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")
set objFileU = objFS.OpenTextFile("u_ex141113.log",1) 'IIS Log file input
set objFileRW = objFS.CreateTextFile("Result.txt",2)
i=-10
do until objFileU.atendofstream
    strLine = objFileU.readLine
    arrLine = split(strLine," ")
    ' Field 4 of the log line is split on "/" to find requests under "ocsp"
    arrLine1 = split(arrLine(4),"/")
    if arrLine1(1) = "ocsp" Then
        'wscript.echo arrLine1(2) & "/" & arrLine1(3) & "/" & arrLine1(4)

        ' Write the request part of the path to a temporary file for certutil
        set objFileT = objFS.CreateTextFile(i&".txt",2,False)
        objFileT.WriteLIne arrLine1(2) & "/" & arrLine1(3) & "/" & arrLine1(4)
        objFileT.close

        ' One certutil process is started per matching log line
        strCommand =  "cmd /c certutil " & i &".txt | findstr Serial"

        set objExec = wshShell.exec(strCommand)
        strOut = objexec.stdout.ReadAll
        if instr(strOut,":") Then
            ' Output: value after "Serial...:" followed by field 8 of the log line
            wscript.echo split(replace(replace(strout," ","",1,-1),vbCrLf,""),":")(1) & "," & arrLine(8)
            objFileRW.WriteLine split(replace(replace(strout," ","",1,-1),vbCrLf,""),":")(1) & "," & arrLine(8)
        end if
        objFS.deleteFile i & ".txt"
    end if
    i=i+1
Loop
objFileRW.close

'thanks
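
An added example, not part of the original post and not Microsoft tooling: the temporary file and certutil process that the script above creates for every log line can be avoided by decoding the OCSP request in-process. This Python sketch assumes RFC 6960 GET requests (base64 in the URL path) under an /ocsp/ path and W3C logs with a #Fields header; the sample request, addresses and log lines are constructed.

```python
import base64
from urllib.parse import quote, unquote

def read_tlv(data, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def ocsp_serials(der):  # hex serialNumber (raw DER bytes) of every CertID in an OCSPRequest
    _, p, _ = read_tlv(der, read_tlv(der, 0)[1])   # OCSPRequest -> TBSRequest
    tag, s, e = read_tlv(der, p)                   # first field of TBSRequest
    while tag in (0xA0, 0xA1):                     # skip optional version / requestorName
        tag, s, e = read_tlv(der, e)
    serials = []
    while s < e:                                   # requestList: SEQUENCE OF Request
        _, cert_id, req_end = read_tlv(der, s)
        _, q, _ = read_tlv(der, cert_id)           # CertID
        for _ in range(3):                         # hashAlgorithm, issuerNameHash, issuerKeyHash
            _, _, q = read_tlv(der, q)
        _, vs, ve = read_tlv(der, q)               # serialNumber INTEGER
        serials.append(der[vs:ve].hex())
        s = req_end
    return serials

def parse_log(lines):  # -> [(serial, client_ip)] for each OCSP GET request in W3C log lines
    cols, hits = {}, []
    for line in lines:
        if line.startswith("#Fields:"):            # column order comes from the log header
            cols = {name: i for i, name in enumerate(line.split()[1:])}
        elif cols and not line.startswith("#"):
            f = line.split()
            try:
                stem = f[cols["cs-uri-stem"]]
                if stem.lower().startswith("/ocsp/"):
                    der = base64.b64decode(unquote(stem[6:]), validate=True)
                    hits += [(sn, f[cols["c-ip"]]) for sn in ocsp_serials(der)]
            except (ValueError, IndexError, KeyError):
                continue                           # malformed line or undecodable request
    return hits
# Constructed sample: OCSPRequest with one SHA-1 CertID, serial 0x1234abcd, plus log lines.
SAMPLE_DER = bytes.fromhex("304530433041303f303d300906052b0e03021a0500"
                           "0414" + "11" * 20 + "0414" + "22" * 20 + "02041234abcd")
SAMPLE_LOG = ["#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip",
    "2014-11-13 10:00:01 10.0.0.5 GET /ocsp/%s - 80 - 192.0.2.10" % quote(base64.b64encode(SAMPLE_DER), safe=""),
    "2014-11-13 10:00:02 10.0.0.5 GET /iisstart.htm - 80 - 192.0.2.11"]
```

Calling `parse_log(open("u_ex141113.log"))` yields the same serial and client-address pairs in a single pass; OCSP requests sent by POST carry the request in the body and do not appear in the URL path.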

Smart card logon error using Windows Server 2012

I have configured Windows Server 2012 Domain for Smart Card logon and have logged on using a Smart Card.  The issue I am having is that when I shut down the server for about 2 days then attempt to logon using the Smart Card I receive the following error: "Smart Card Logon is not supported for your user account"  I enroll the Domain Controller Authentication Certificate then logon using the Smart Card.  Why do I have to keep re-enrolling the Domain Controller Authentication Certificate in order to logon with the Smart Card? I have never had this issue using Windows Server 2008, only in 2012.  Any help would be appreciated.

Slow SQL Server Performance after Windows Update


One of our clients on SQL 2005 Standard Server and Windows 2008 R2 has reported extreme application slowness since Windows Update automatically applied security updates last week. It seems every time our application queries the SQL server, a 3-5 second pause occurs before a response is returned. During the query response delay, the lsass.exe (Local Security Authority) process momentarily spikes in CPU utilization.

We noticed it occurred right after a series of windows updates were applied to the server. Because they were numerous, we removed 3 updates at a time and rebooted to see if one of the Windows Updates was to blame. After removing the 3rd group and rebooting, the SQL performance returned to normal. We are not sure which update caused it, but know it had to be one of these 3:

Security Update for Microsoft Windows (KB2992611)
Security Update for Microsoft Windows (KB2993958)
Security Update for Microsoft Windows (KB3002885)

We are extremely concerned as we expect more clients to be affected by this as these updates get pushed out. Please help!

How to use Secedit.exe to find which accounts have permission for SeLockMemoryPrivilege and SeManageVolumePrivilege local security policies?


Hello,

I would like to know how (if possible) to use Secedit.exe to find out which account(s) have permission for the local security policies SeLockMemoryPrivilege and SeManageVolumePrivilege. When I export the system security template using "C:\Windows\security\database\secedit.sdb", only four User Rights security policies are in the template (for each policy, a different line: <security_policy_name> = "SID1,SID2,...SIDn"). The two policies I want are not in the four. How do I get them? That is, how do I get the permissions info for SeLockMemoryPrivilege and SeManageVolumePrivilege?

Thanks!


Block ip address in win server with cmd command

Hi
In Win Server, how can I block an IP address with a cmd command?
Thanks

Win Shock


Hi Everyone,

We have a query regarding the Win Shock vulnerability. Is Windows Server 2008 Service Pack 1 affected? What would be the remediation?

windows server 2008 CA Issue

The clients still don't trust it! You should get "Verified by your CA" up on the browser. I don't get that at all!

What I know is that clients should trust the CA certificate automatically as long as they are joined to the domain. Any ideas?

Effects of Disabling Null Sessions on Domain Controllers


I have been tasked with finding out what will happen to our domain controllers and the systems that depend on them when we make the change to disable null sessions on our domain controllers. We are disabling them to resolve a security hole discovered by an audit.

Normally, I would just change the registry setting and see what breaks, but I don't have that option now. The reason for the caution is that we noticed that member servers were randomly connecting anonymously to the IPC$ share on the DCs. They wouldn't open any files, they would just open a share session, then disconnect a few seconds later.

What I suspect, but cannot prove, is that member servers occasionally do this to check if the domain is "still there" or something to that effect. If that's the case, it seems like disabling null sessions could cause some problems. If anyone could offer some insight, I would appreciate it.

Thanks.

SK

Can not start remotely multiple instances of application


Hi

I log in to my server using cygwin/sshd and start a script which starts 12 instances of some process and it works fine. But when I increased the number of instances of this process to 48 they do not work!

If I log in to my server using remote desktop and start this script manually all 48 instances work fine!

Is there some limit of processes in Windows that can be started by a remote user? How can I change it?

Greg
